BREAK IN TRANSCRIPT
COSTELLO: Joining us now is Republican Congressman Marsha Blackburn of Tennessee. She's also the vice chairwoman of the House Energy and Commerce Committee, which held yesterday's hearing.
Good morning, Congresswoman.
REP. MARSHA BLACKBURN (R), TENNESSEE: Good morning, Carol. Thank you.
COSTELLO: Thanks so much for joining me.
COSTELLO: CNN has looked into the medical privacy question and found the Web site does not violate HIPAA. The only health related question is, do you smoke?
So what specifically were you referring to on the Web site that violates, that could possibly violate HIPAA?
BLACKBURN: We are concerned about privacy overall. Data security privacy and of course applying and complying with the HIPAA laws, and --
COSTELLO: But what question specifically asks that would concern you about HIPAA, what medical question does it ask?
BLACKBURN: Carol, HIPAA requires you to -- it's the way you structure your Web site and the way you transit the information, the transfer rights that are there, and when you look at privacy on these Web sites, what you have to do is keep all of the application information in one server and then you have to, whether it is a physical server or a cloud server and you have to make certain you have the patient data information in another.
You have to be certain that any of the information concerning disease or condition or pertinent to the individual is separate. All of our hospitals --
COSTELLO: But there are no questions that are asked concerning any disease or health condition. The only health related question asked is do you smoke?
HIPAA has to do with medical records, right? But it's not asking for medical records or medical information.
BLACKBURN: It also has to do with the way you transit all of this information and what we want to do is to make certain that each of these agencies, it is important enough that each of the contractors said they had been through some HIPAA training.
What we wanted to do in the interests of privacy of our constituents is make certain as they build this data hub that will contain your medical as well as your financial information and as this is shared with the different agencies with the insurance companies that are going to be --
COSTELLO: Specifically, what information does the Web site ask for? And specifically what private information that the government doesn't already have does the Web site ask for?
BLACKBURN: Well, we want to make certain that the individual has a right to privacy, and as you heard in what was revealed yesterday, in the privacy notice that is down in the coding, an individual is not given that right to privacy.
So, not only are we looking at HIPAA, we are looking at privacy. We are looking at how the companies handle this information. Serco said they had 2,000 individuals --
COSTELLO: I'm trying to understand what kind of information you're talking about. What kind of information are you talking about? What specifically does the Web site ask that I might be afraid might be shared with whomever? Specifically. What information?
BLACKBURN: You should be very concerned not only as you navigate the Web site but as you make a purchase, and then as your information is handled. What we want to make certain is that an individual's medical information, their financial information is all going to be kept in a private manner.
What people do not want is a peeping tom who is going to look through their PII, their personally identifying information. They want to make certain the federal government has standards and are applying and abiding by the privacy laws that are on the books and by the HIPAA regulations that every hospital and every doctor abide by.
So, this is a serious investigation, looking at the entire roll-out and launch of this website, how this data is being used.
You know, Carol, it is interesting yesterday --
COSTELLO: I understand you're concerned about hacking into the site because that is a real concern because it's not working right now.
BLACKBURN: And the identifying information is of concern.
COSTELLO: And as far as specific information I'm not clear on what the Web site asks you that would violate HIPAA.
BLACKBURN: As individuals navigate the Web site and work through finding a product, as they make a purchase and as they have their information that is going to, as it's going to be data mined, if you will, what you have to make certain is that information is separated from patients and individuals, and that it is going to be anonymized and individuals have an expectation and a right of privacy that the federal government is going to abide by that.
Now, when you have a company that is utilizing as many as 80 or 100 different servers, whether they're physical or they're Cloud servers, you have to make certain that the encryption is there, that individuals who are setting up accounts have set passwords, that those passwords are being changed within every 90 days, all of this is HIPAA health care compliance.
BLACKBURN: It is the customer's expectation of that privacy. If these individuals are not engineering those Web sites with these protections, with these encryptions, if they are not making certain that people do not have physical access to those Web sites, and the information held in them, then they're not going to be compliant with federal law.
BLACKBURN: And we want to make certain that they are going to be compliant.
COSTELLO: I understand, I do. I just, again, the only health related question this Web site asks is do you smoke, but I hear what you're saying.
BLACKBURN: I think there are other questions that are there. There are other questions that are there.
COSTELLO: Not health related. Congressman Blackburn, thank you. Thank you so much.
BLACKBURN: Thank you, Carol.
COSTELLO: Thank you for joining me this morning.
BREAK IN TRANSCRIPT